The weekly reading group meeting of the security subgroup of the Software Technology Group at TU Darmstadt.
Research areas include both analytical and constructive approaches to software security on a language level.
June 28th, 2016 |
To Pin or Not to Pin: Helping App Developers Bullet Proof Their TLS Connections
by Marten Oltrogge, Yasemin Acar, Sergej Dechand, Matthew Smith, and Sascha Fahl
from USENIX 2015 |
June 21st, 2016 |
A User-guided Approach To Program Analysis
by Ravi Mangal, Xin Zhang, Aditya V. Nori, and Mayur Naik
from ESEC/FSE 2015 |
June 7th, 2016 |
Interprocedural Analysis for Privileged Code Placement and Tainted Variable Detection
by Marco Pistoia, Robert J. Flynn, Larry Koved, and Vugranam C. Sreedhar
from ECOOP 2005 |
May 31st, 2016 |
More Sound Static Handling of Java Reflection
by Yannis Smaragdakis, George Balatsouras, George Kastrinis, and Martin Bravenboer
from Proceedings of the 13th Asian Symposium, APLAS 2015, Pohang, South Korea, November 30 - December 2, 2015 |
May 17th, 2016 |
Security Applications of Formal Language Theory
by Len Sassaman, Meredith L. Patterson, Sergey Bratus, and Michael E. Locasto
from IEEE Systems Journal (Volume 7, Issue 3), 2013 |
February 23rd, 2016 |
Verifiable Functional Purity in Java
by Matthew Finifter, Adrian Mettler, Naveen Sastry, and David Wagner
from CCS 2008 |
February 16th, 2016 |
Analyzing the State of Static Analysis: A Large-Scale Evaluation in Open Source Software
by Moritz Beller, Radjino Bholanath, Shane McIntosh, and Andy Zaidman
from SANER 2016 |
February 9th, 2016 |
Purity and Side Effect Analysis for Java Programs
by Alexandru D. Sălcianu and Martin C. Rinard
from VMCAI 2005 |
February 3rd, 2016 |
Combining type-analysis with points-to analysis for analyzing Java library source-code
by Nicholas Allen, Padmanabhan Krishnan, and Bernhard Scholz
from SOAP 2015 |
January 26th, 2016 |
vfGuard: Strict Protection for Virtual Function Calls in COTS C++ Binaries
by Aravind Prakash, Xunchao Hu, and Heng Yin
from NDSS 2015 |
January 19th, 2016 |
Control-Flow Bending: On the Effectiveness of Control-Flow Integrity
by Nicholas Carlini, Antonio Barresi, Mathias Payer, David Wagner, and Thomas R. Gross
from USENIX Security Symposium 2015 |
December 15th, 2015 |
Undecidability of context-sensitive data-dependence analysis
by Thomas Reps
in TOPLAS Volume 22 Issue 1 (Jan 2000) |
December 8th, 2015 |
Evaluating the Flexibility of the Java Sandbox
by Zack Coker, Michael Maass, Tianyuan Ding, Claire Le Goues, and Joshua Sunshine
from ACSAC 2015 |
December 1st, 2015 |
A survey of static analysis methods for identifying security vulnerabilities in software systems
by M. Pistoia, S. Chandra, S. J. Fink, and E. Yahav
in IBM Systems Journal Vol 46, No 2, 2007 |
November 17th, 2015 |
Dimensions of Precision in Reference Analysis of Object-oriented Programming Languages
by Barbara G. Ryder
CC 2013 |
November 10th, 2015 |
Access Control to Reflection with Object Ownership
by Camille Teruel, Stéphane Ducasse, Damien Cassou, and Marcus Denker
DLS 2015 |
November 3rd, 2015 |
Detecting Repackaged Smartphone Applications in Third-Party Android Marketplaces
by Wu Zhou, Yajin Zhou, Xuxian Jiang, and Peng Ning
CODASPY 2012 |
October 27th, 2015 |
Internal paper reading group
submitted to ICSE 2015 |
October 22nd, 2015 |
VCCFinder: Finding Potential Vulnerabilities in Open-Source Projects to Assist Code Audits
by Henning Perl, Sergej Dechand, Matthew Smith, Daniel Arp, Fabian Yamaguchi, Konrad Rieck, Sascha Fahl, and Yasemin Acar
CCS 2015 |
October 13th, 2015 |
Precise identification of side-effect-free methods in Java
by Atanas Rountev
ICSM 2004 |
October 6th, 2015 |
Predicting Program Properties from "Big Code"
by Veselin Raychev, Martin Vechev, and Andreas Krause
POPL 2015 |
September 22nd, 2015 |
Giga-Scale Exhaustive Points-To Analysis for Java in Under a Minute
by Jens Dietrich, Nicolas Hollingum, and Bernhard Scholz
OOPSLA 2015 |
September 15th, 2015 |
Use at Your Own Risk: The Java Unsafe API in the Wild
by Luis Mastrangelo, Luca Ponzanelli, Andrea Mocci, Michele Lanza, Matthias Hauswirth, and Nathaniel Nystrom
OOPSLA 2015 |
September 8th, 2015 |
Suggesting Accurate Method and Class Names
by Miltiadis Allamanis, Earl T. Barr, Christian Bird, and Charles Sutton
FSE 2015 |
August 4th, 2015 |
Combining static and dynamic data flow analysis: a hybrid approach for detecting data leaks in Java applications
by Mongiovi, Giannone, Fornaia, Pappalardo, and Tramontana
SAC 2015 |
July 28th, 2015 |
Escape Analysis for Java
by Jong-Deok Choi, Manish Gupta, Mauricio Serrano, Vugranam C. Sreedhar, and Sam Midkiff
OOPSLA 1999 |
July 7th, 2015 |
Encapsulating objects with confined types
by Christian Grothoff, Jens Palsberg, and Jan Vitek
OOPSLA 2001 |
June 30th, 2015 |
Lightweight generics in embedded systems through static analysis
by Olivier Sallenave and Roland Ducournau
LCTES 2012 |
June 23rd, 2015 |
Constructing Call Graphs of Scala Programs
by Karim Ali, Marianna Rapoport, Ondřej Lhoták, Julian Dolby, and Frank Tip
ECOOP 2014 |
June 16th, 2015 |
Practical Virtual Method Call Resolution for Java
by Vijay Sundaresan, Laurie Hendren, Chrislain Razafimahefa, Raja Vallée-Rai, Patrick Lam, Etienne Gagnon, and Charles Godin
OOPSLA 2000 |
June 9th, 2015 |
Scalable propagation-based call graph construction algorithms
by Frank Tip and Jens Palsberg
OOPSLA 2000 |
June 2nd, 2015 |
Application-Only Call Graph Construction
by Karim Ali and Ondřej Lhoták
ECOOP 2012 |
May 12th, 2015 |
Quantitative Interprocedural Analysis
by Krishnendu Chatterjee, Andreas Pavlogiannis, and Yaron Velner
POPL 2015 |
April 28th, 2015 |
The Devil is in the Constants: Bypassing Defenses in Browser JIT Engines
by Michalis Athanasakis, Elias Athanasopoulos, Michalis Polychronakis, Georgios Portokalidis, and Sotiris Ioannidis
NDSS 2015 |
April 21st, 2015 |
JMD: A Hybrid Approach for Detecting Java Malware
by Adrian Herrera and Ben Cheney
AISC 2015 |
April 14th, 2015 |
ZOZZLE: Fast and Precise In-Browser JavaScript Malware Detection
by Charlie Curtsinger, Benjamin Livshits, Benjamin Zorn, and Christian Seifert
USENIX 2011 |
March 31st, 2015 |
Demand-driven context-sensitive alias analysis for Java
by Dacong Yan, Guoqing Xu, and Atanas Rountev
ISSTA 2011 |
March 24th, 2015 |
Automating Information Flow Analysis of Low Level Code
by Musard Balliu, Mads Dam, and Roberto Guanciale
CCS 2014 |
February 17th, 2015 |
Mind your Language(s) - A discussion about languages and security (Long Version)
by Eric Jaeger, Olivier Levillain, and Pierre Chifflier |
February 3rd, 2015 |
Field-sensitive Function Pointer Analysis Using Field Propagation for State Graph Extraction
by Bo Huang, Xiang Ling, and Guoqing Wu |
January 27th, 2015 |
Static Detection of Second-Order Vulnerabilities in Web Applications
by Johannes Dahse and Thorsten Holz |
January 13th, 2015 |
Program analysis for secure big data processing
by Julian James Stephen, Savvas Savvides, Russell Seidel, and Patrick Eugster |
December 9th, 2014 |
ORBS: Language-Independent Program Slicing
by David Binkley, Nicolas Gold, Mark Harman, Syed Islam, Jens Krinke, and Shin Yoo |
December 2nd, 2014 |
ALETHEIA: Improving the Usability of Static Security Analysis
by Omer Tripp, Salvatore Guarnieri, Marco Pistoia, and Alexandr Aravkin |
October 28th, 2014 |
A Static Analysis Framework For Detecting SQL Injection Vulnerabilities
by Xiang Fu, Xin Lu, Boris Peltsverger, Shijun Chen, Kai Qian, and Lixin Tao |
October 21st, 2014 |
Proving Termination and Memory Safety for Programs with Pointer Arithmetic
by Thomas Ströder, Jürgen Giesl, Marc Brockschmidt, Florian Frohn, Carsten Fuhs, Jera Hensel, and Peter Schneider-Kamp |
October 14th, 2014 |
Language-Based Architectural Control
by Jonathan Aldrich, Cyrus Omar, Alex Potanin and Du Li |
October 7th, 2014 |
A conservative algorithm for computing the flow of permissions in Java programs
by Gleb Naumovich |
July 29th, 2014 |
Declarative Policies for Capability Control
by Christos Dimoulas, Scott Moore, Aslan Askarov, and Stephen Chong |
July 8th, 2014 |
Program analysis as constraint solving
by Sumit Gulwani, Saurabh Srivastava, and Ramarathnam Venkatesan |
June 24th, 2014 |
Verifying the Safety of User Pointers Using Static Typing
by Etienne Millon, Emmanuel Chailloux, and Sarah Zennou |
May 27th, 2014 |
ILEA: Inter-Language Analysis across Java and C
by Gang Tan and Greg Morrisett |
May 13th, 2014 |
Java Bytecode Verification: An Overview
by Xavier Leroy |
April 29th, 2014 |
Bringing Java's wild native world under control
by Mengtao Sun, Gang Tan, Joseph Siefers, Bin Zeng and Greg Morrisett |
April 14th, 2014 |
Language-based information-flow security
by Andrei Sabelfeld and Andrew C. Myers |